Cyber Resilience

CVE-2025-58434

CriticalPublic PoC

Published: 12 September 2025

Published
12 September 2025
Modified
20 September 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.3236 97.0th percentile
Risk Priority 39 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-58434 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Flowiseai Flowise. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Cloud Account (T1087.004); ranked in the top 3.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Other ATLAS/OWASP Terms risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and IA-5 (Authenticator Management).

Deeper analysis

Flowise, an open-source drag-and-drop interface for building customized LLM flows, contains an authentication bypass in its password-reset functionality. In versions 3.0.5 and earlier, the unauthenticated `forgot-password` endpoint returns a valid `tempToken` and other account details for any supplied user, affecting both the hosted service at cloud.flowiseai.com and any self-hosted or local deployment that exposes the same API. The issue is tracked as CWE-306 and carries a CVSS 3.1 score of 9.8.

An unauthenticated attacker can invoke the endpoint with an arbitrary username or email to obtain a working reset token, then immediately change the target account’s password and achieve full account takeover. Because the endpoint performs no identity verification and returns the token directly in the response, the attack requires no prior access, credentials, or user interaction.

The vulnerability was addressed in commit 9e178d68873eb876073846433a596590d3d9c863, released in version 3.0.6. The advisory recommends that password-reset tokens never be returned in API responses, that they be delivered only through the registered email channel, that the endpoint always reply with a generic success message, and that tokens be single-use, short-lived, and bound to the original request context. The same controls should be applied to both cloud and self-hosted instances, and password-reset activity should be logged for anomaly detection. The current EPSS score of 0.3236 shows no material post-disclosure rise.

EU & UK References

Vulnerability details

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowise returns sensitive information including a valid password reset `tempToken` without authentication or verification. This…

more

enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account takeover (ATO). This vulnerability applies to both the cloud service (`cloud.flowiseai.com`) and self-hosted/local Flowise deployments that expose the same API. Commit 9e178d68873eb876073846433a596590d3d9c863 in version 3.0.6 secures password reset endpoints. Several recommended remediation steps are available. Do not return reset tokens or sensitive account details in API responses. Tokens must only be delivered securely via the registered email channel. Ensure `forgot-password` responds with a generic success message regardless of input, to avoid user enumeration. Require strong validation of the `tempToken` (e.g., single-use, short expiry, tied to request origin, validated against email delivery). Apply the same fixes to both cloud and self-hosted/local deployments. Log and monitor password reset requests for suspicious activity. Consider multi-factor verification for sensitive accounts.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: flowise, large language model

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1087.004 Cloud Account Discovery
Adversaries may attempt to get a listing of cloud accounts.
T1078.004 Cloud Accounts Stealth
Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated forgot-password endpoint leaks reset tokens for arbitrary users, enabling cloud account discovery via response differences (T1087.004), exploitation of public-facing application (T1190), and account takeover for valid cloud account abuse (T1078.004).

CVEs Like This One

CVE-2025-8943Same product: Flowiseai Flowise
CVE-2026-41273Same product: Flowiseai Flowise
CVE-2026-30824Same product: Flowiseai Flowise
CVE-2026-40933Same product: Flowiseai Flowise
CVE-2025-59528Same product: Flowiseai Flowise
CVE-2025-61913Same product: Flowiseai Flowise
CVE-2025-50538Same product: Flowiseai Flowise
CVE-2025-61687Same product: Flowiseai Flowise
CVE-2025-34267Same product: Flowiseai Flowise
CVE-2026-41274Same product: Flowiseai Flowise

Affected Assets

flowiseai
flowise
≤ 3.0.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

IA-5 requires secure management and distribution of authenticators like password reset tempTokens, preventing their exposure in unauthenticated API responses and mandating delivery via secure channels such as email with validation like single-use and expiry.

prevent

AC-14 explicitly limits actions performable without identification or authentication, ensuring the forgot-password endpoint only returns generic success messages without issuing valid reset tokens to unauthenticated users.

prevent

IA-6 mandates obscuring authentication feedback, such as generic responses to forgot-password requests, to prevent information disclosure, user enumeration, and exploitation leading to account takeover.

References